apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: Apache Portable Runtime 1.3.5 and APR-Utility 1.3.7 Released
Date Fri, 05 Jun 2009 21:12:20 GMT
I think the announcement was a little premature, as I've yet to find a
mirror that has the new release.

Also the header on http://www.apache.org/dist/apr/ says:

Important Notices

    * Download from your nearest mirror site!
    * APR 1.3.3 is the latest available version
    * APR-util 1.3.4 is the latest available version
    * APR-iconv 1.2.1 is the latest available version
    * APR 0.9.17 is also available
    * APR-util 0.9.15 is also available
    * APR-iconv 0.9.7 is also available
    * PGP/GPG Signatures

Some of the above versions have not been updated for the current release.

Similarly, the footer has out of date versions.

There are rather a lot of files in the directory, some of which seem
to be old versions; it would help if the older versions were deleted.


On 05/06/2009, William A. Rowe, Jr. <wrowe@apache.org> wrote:
>    The Apache Software Foundation and the Apache Portable Runtime
>    Project are proud to announce the General Availability of
>    version 1.3.5 of the APR Apache Portable Runtime library, and
>     version 1.3.7 of the companion APR-util Apache Portable Utility
>    library.
>    The corresponding version 1.2.1 of the companion APR-iconv library,
>    an alternative portable implementation of the 'iconv' library,
>    remains current.
>    APR is available for download from:
>      http://apr.apache.org/download.cgi
>    This version of APR is a security and bug fix release, including
>    fixes for specific platforms' configuration, feature detection,
>    and run time behavior.  Most developers and users are encouraged
>    to adopt the latest APR 1.x version to ensure the most comprehensive
>    support and access to the latest features and enhancements.
>    The security fixes in the APR-util library release 1.3.7 must be
>    evaluated  in the context of how APR-consuming applications use them
>    to determine if the application provides untrusted input to these
>    specific functions, to determine if they represent vulnerabilities
>    to the specific application.  Refer questions to such APR-consuming
>    projects for further guidance.  These fixes (which are similarly
>    corrected in the concurrent APR-util 0.9.17 release) include;
>     * Fixed a denial of service attack against the apr_xml_* interface
>       using the "billion laughs" entity expansion technique.
>       [Joe Orton]
>     * CVE-2009-0023 (cve.mitre.org);
>       Fixed an underflow from the match pattern to apr_strmatch_precompile.
>       [Matthew Palmer <mpalmer debian.org>]
>     * Fixed an off by one overflow in apr_brigade_vprintf.
>       [C. Michael Pilato <cmpilato collab.net>]
>    The mission of the Apache Portable Runtime Project is to create
>    and maintain software libraries that provide a predictable and
>    consistent interface to underlying platform-specific
>    implementations. The primary goal is to provide an API to
>    which software developers may code and be assured of predictable
>    if not identical behavior regardless of the platform on which
>    their software is built, relieving them of the need to code
>    special-case conditions to work around or take advantage of
>    platform-specific deficiencies or features.
>    APR and its companion libraries are implemented entirely in C
>    and provide a common programming interface across a wide variety
>    of operating system platforms without sacrificing performance.
>    Currently supported platforms include:
>      UNIX variants
>      Windows
>      Netware
>      Mac OS X
>      OS/2
>    To give a brief overview, the primary core
>    subsystems of APR 1.3 include the following:
>      Atomic operations
>      Dynamic Shared Object loading
>      File I/O
>      Locks (mutexes, condition variables, etc)
>      Memory management (high performance allocators)
>      Memory-mapped files
>      Multicast Sockets
>      Network I/O
>      Shared memory
>      Thread and Process management
>      Various data structures (tables, hashes, priority queues, etc)
>    For a more complete list, please refer to the following URLs:
>      http://apr.apache.org/docs/apr/modules.html
>      http://apr.apache.org/docs/apr-util/modules.html
>    Users of APR 0.9 should be aware that migrating to the APR 1.x
>    programming interfaces may require some adjustments; APR 1.x is
>    neither source nor binary compatible with earlier APR 0.9 releases.
>    Users of APR 1.x can expect consistent interfaces and binary backwards
>    compatibility throughout the entire APR 1.x release cycle, as defined
>    in our versioning rules:
>      http://apr.apache.org/versioning.html
>    APR is already used extensively by the Apache HTTP Server
>    version 2 and the Subversion revision control system, to
>    name but a few.  We list all known projects using APR at
>    http://apr.apache.org/projects.html -- so please let us know
>    if you find our libraries useful in your own projects!

View raw message